IT COMPLIANCE & RISK

Full Time

Job Purpose

The IT Compliance & Risk Lead is responsible for the assessment of technology vendor risks and control effectiveness across the IT disciplines. The IT Risk lead will identify, classify, and document control issues in the bank's environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to IT management.

Key Accountabilities

1. Supports the establishment of the IT risk management process and integration and maturing of the process across the IT disciplines and practices.
2. Supports development of the technology risk framework, policies, standards, and risk taxonomy.
3. Supports the implementation and adherence to the risk framework, in collaboration and conjunction with business-aligned risk partners.
4. Evaluates and identifies technology risk related to divisions and the enterprise, including emerging trends that may impact risk profile.
5. Supports the self and control risk assessment (RCSA) for IT and engages with the IT stakeholders to define the controls in place, residual risk, and treatment plans.
6. Maintains a consolidated list of the technology risks at the enterprise level and ensures continuous monitoring of the risks and corresponding mitigation plans.
7. Implements risk assessments across the enterprise and builds an overall profile of the technology risk.
8. Provides credible challenge based on risk assessment results and ensures risk is being mitigated.
9. Collaborates with division risk officers and subject matter experts to ensure policies and standards are practical, effective, and efficient.

Qualifications
Bachelor’s/master’s degree in computer science or related field.
Professional Certifications: COBIT, ITIL, CRISC, ISACA.

Experience
6 – 8 Years

Skills

1. Minimum 3-5 years of experience in an IT risk and compliance role.
2. Solid understanding of IT governance, information security policies, standards, and industry best practices.
3. Experience in technology and operational risks frameworks.
4. Practical experience in scoping, conducting risk assessments, and documenting results.
5. Detail-oriented and able to meet tight deadlines.
6. Excellent documentation skills and ability to communicate effectively across functional areas.